# Ansible task file for the vault role: installs the Vault binary, creates the
# service account, and renders the configuration and systemd unit.
# NOTE(review): this listing is an excerpt with a gutter line number prefixed to
# every line; intervening lines (module names, tags, modes, handler notifies)
# are not shown, so the per-task notes below cover only what is visible.
2 # file: roles/vault/tasks/main.yaml
# Refresh the APT package cache; the distribution condition below restricts
# this to Ubuntu hosts.
4 - name: Inst - Update Package Cache (APT)
9 - ansible_distribution|lower == 'ubuntu'
11 - vault-inst-prerequisites
# Install prerequisite packages. `packages` is not defined in this excerpt —
# presumably a role var or default; confirm it is a list before flattening.
13 - name: Inst - Prerequisites
15 name: "{{ packages | flatten(levels=1) }}"
18 - vault-inst-prerequisites
# Create the service group. NOTE(review): this task reads vault_user_state
# while the user task below reads vault_group_state — the two look swapped;
# confirm against the role defaults before relying on either to remove
# accounts.
20 - name: Conf - Add Vault Group
22 name: "{{ vault_group }}"
23 state: "{{ vault_user_state }}"
# Create the service user in that group (state variable: see note above).
27 - name: Conf - Add Vault user
29 name: "{{ vault_user }}"
30 group: "{{ vault_group }}"
31 state: "{{ vault_group_state }}"
# Remove any previously extracted binary so the unarchive step below runs
# again; its `creates:` guard keys on this same path.
36 - name: Inst - Clean Vault
38 path: "{{ vault_inst_dir }}/vault"
# Fetch the release archive. No `checksum:` is visible in this excerpt; if the
# full task does not set one, the download is never compared against a
# published digest — confirm in the full file.
43 - name: Inst - Download Vault
45 url: "{{ vault_zip_url }}"
46 dest: "{{ vault_inst_dir }}/{{ vault_pkg }}"
# Extract the archive; skipped when the binary already exists (creates:).
50 - name: Inst - Unarchive Vault
52 src: "{{ vault_inst_dir }}/{{ vault_pkg }}"
53 dest: "{{ vault_inst_dir }}/"
54 creates: "{{ vault_inst_dir }}/vault"
# Install the extracted binary into vault_bin_dir (this task's header is
# outside the excerpt). NOTE(review): the executable is owned by the service
# account, so the running service could overwrite its own binary; root
# ownership with a read/execute mode for the service user is the usual
# hardening — confirm the mode line that is not shown here.
61 src: "{{ vault_inst_dir }}/vault"
62 dest: "{{ vault_bin_dir }}"
63 owner: "{{ vault_user }}"
64 group: "{{ vault_group }}"
# NOTE(review): this "check" task is not read-only — `setcap ... =+ep` grants
# the capability, so `changed_when: false` under-reports a change, and the
# "Enable" task below only runs when this identical command already failed
# (in which case it will most likely fail the same way). A true read-only
# probe would run `getcap` on the binary and compare its output. Line 74
# (presumably failed_when/ignore_errors) is not shown.
71 - name: Inst - Check Vault mlock capability
72 command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
73 changed_when: false # NOTE(review): not actually read-only — see note above
75 register: vault_mlock_capability
# Grant CAP_IPC_LOCK so the Vault process can lock memory without root.
79 - name: Inst - Enable non root mlock capability
80 command: "setcap cap_ipc_lock=+ep {{ vault_bin_dir }}/vault"
81 when: vault_mlock_capability is failed
# Create the data, config and ssl directories owned by the service account.
# The mode line is not shown; the data and ssl directories should not be
# world-readable — confirm in the full file.
85 - name: Conf - Create directories
89 owner: "{{ vault_user }}"
90 group: "{{ vault_group }}"
93 - "{{ vault_data_dir }}"
94 - "{{ vault_config_dir }}"
95 - "{{ vault_ssl_dir }}"
# Render the main Vault configuration from the selected template.
99 - name: Conf - Vault main configuration
101 src: "{{ vault_main_configuration_template }}"
102 dest: "{{ vault_main_config }}"
103 owner: "{{ vault_user }}"
104 group: "{{ vault_group }}"
# Disabled task: nothing else in this excerpt populates vault_ssl_dir. If it is
# re-enabled, items carrying private keys should run with `no_log: true` so
# key material is not written to the Ansible output.
109 # - name: Conf - Copy Certificates And Keys
111 # content: "{{ item.src }}"
112 # dest: "{{ item.dest }}"
113 # owner: "{{ vault_user }}"
114 # group: "{{ vault_group }}"
117 # loop: "{{ vault_certificates | flatten(levels=1) }}"
# Install the systemd unit. /lib/systemd/system is the package-owned unit
# directory; role-managed units conventionally go in /etc/systemd/system —
# confirm project intent. A daemon-reload/restart handler is presumably
# notified on a line not shown.
121 - name: Conf - System.d Script
123 src: "vault_systemd.service.j2"
124 dest: "/lib/systemd/system/vault.service"
# Run any pending handlers now rather than at the end of the play.
133 - meta: flush_handlers